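I have this JSF 2.0/Spring application with Apache Shiro added to it, and when a user clicks a command button or triggers an AJAX request, no redirect happens after the session has timed out. It does work when they refresh the browser. This happens in all browsers. Here is my applicationContext.xml: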
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager" />
    <property name="loginUrl" value="/index.faces"/>
    <property name="filterChainDefinitions">
        <value>
            /* = authc
        </value>
    </property>
</bean>
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <property name="realm" ref="opacsRealm" />
</bean>
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
<bean id="sha512Matcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
    <property name="hashAlgorithmName" value="SHA-256" />
    <property name="hashIterations" value="1024" />
</bean>
<bean id="opacsRealm" class="org.apache.shiro.realm.jdbc.JdbcRealm">
    <property name="dataSource" ref="dataSource" />
    <property name="authenticationQuery"
              value="select PASSWORD, SALT from SEC_USERS where NAME = ?" />
    <property name="userRolesQuery"
              value="SELECT ROLE_NAME FROM SEC_USERS_ROLES WHERE USER_NAME = ?" />
    <property name="permissionsQuery"
              value="SELECT permission FROM SEC_ROLES_PERMISSIONS WHERE ROLE_NAME = ?" />
    <property name="permissionsLookupEnabled" value="true" />
    <property name="saltStyle" value="COLUMN" />
    <property name="credentialsMatcher" ref="sha512Matcher"/>
</bean>
Am I doing something wrong in my setup? The web.xml looks like this:
<filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
        <param-name>targetFilterLifecycle</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<session-config>
    <!-- web.xml expects the session timeout in minutes: -->
    <session-timeout>1</session-timeout>
</session-config>